package com.xing.binbackend.http;

import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;

public class TrustAnyTrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        /*
         * 注意：此处跳过客户端证书验证
         * 生产环境应替换为：
         * 1. 验证证书链有效性
         * 2. 检查证书吊销状态(CRL/OCSP)
         * 3. 验证证书域名匹配
         */
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        /*
         * 注意：此处跳过服务端证书验证
         * 生产环境应：
         * 1. 使用可信CA证书库验证
         * 2. 验证证书有效期
         * 3. 验证证书密钥用法是否符合要求
         */
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
